Download Belkasoft RAM Capturer
Belkasoft RAM Capturer – a low-level tool for removing the image of the computer’s memory. The program is designed for use by forensic specialists and developers of security systems. Working in the operating system kernel mode can successfully bypass the active forms of protection against debugging, such nProtect GameGuard. The package includes 32-bit and 64-bit drivers for Windows, allowing the program to operate in a privileged mode, kernel. The program is free.
Many of the programs, including the popular multiplayer games, security systems, as well as malicious software to protect its processes from research using the debugging tools. Such programs are used to counter the active debugging systems that can detect and prevent attempts by other programs to read the data from the memory protected areas. At best, an attempt to use the debugger fails – instead of the interest of researchers in the protected area information detected zeros or random data. In the worst case hangs or restart the computer, making further research impossible.
In order to prevent such a development requires the use of tools working in a privileged mode, the operating system kernel. The delivery Belkasoft RAM Capturer includes 32- and 64-bit versions of drivers operating in kernel mode and enable processing region belonging protected processes the data correctly.
The image memory obtained by Belkasoft RAM Capturer, can be analyzed forensic product of Belkasoft Evidence Center via Live RAM Analysis function. The study, the computer memory allows the forensic detection of data that do not fit on the hard drive, such as chat rooms, social networking, and discussions in online multiplayer games.